MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e
SHA3-384 hash: 6363c199b8077d97b896649a4e157ca6f9ce428e4ba71bf67c988891c40ff4a426fb5838da16df67473a9909ad7a4970
SHA1 hash: 79e14856bd99b6888d7eb6c490934e01f5b06e9a
MD5 hash: 94ba15fb6d8c8b5acf2a692bb5f75806
humanhash: four-equal-berlin-may
File name:94ba15fb6d8c8b5acf2a692bb5f75806
Download: download sample
File size:9'216 bytes
First seen:2021-09-20 09:45:33 UTC
Last seen:2021-09-20 11:07:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3636696cda8ae63c15290a7642f2c7a3
ssdeep 192:KK32xzpeBnMrntbTWtmP1oynmU6TWS/xcb:KK32xzpASbT6Q17oWS/2b
Threatray 16 similar samples on MalwareBazaar
TLSH T1BB12C7028B644551FBA2C9B113B54BAC897EBE33130570EF327BA9C59734A52953033F
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
94ba15fb6d8c8b5acf2a692bb5f75806
Verdict:
Malicious activity
Analysis date:
2021-09-20 09:46:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8653417c-d076-4558-9163-919a73c60e92

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/189371/
Detection(s):
SecuriteInfo.com.Heur.Mint.Zard.39.11510.30482.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Malware family:
Phorpiex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d7f6e9ff-d0ab-4873-a818-c5aceef0734f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/853915
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Drops PE files to the user root directory
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e/
Threat name:
Win32.Trojan.MintZard
Create hunting rule
Status:
Malicious
First seen:
2021-09-20 01:23:46 UTC
AV detection:
15 of 45 (33.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
191e85467c65e5e382e384b39edeea61f4daad41c3c192d2be70e1c3ab2f0760
38637b0bf898df12f7549c595eb255b38995e8da8058bff700428d90e98052c1
39a049ad593b7405e767213e5e3204b7be9b8c38add91b124294c1a5bbfc2871
53cae19aa470b038966c47f8e7361fde1da99f4f54ea97ab3fb7198506ecbc3d
5d9b6c49a8c84b01122da49a1237c880e2eb71d44f264e8a0effc56b7b586bf6
7e663d31d2d1fb89bb88dfa65fea415d754e5a9e6d804cf99c59d98f95580945
ab47f2c37d0612239214050393cff3f26715448550ead7c3180fe2c842df19e4
ac836d33a1ee0cf140e455a4d0d4eca6f65a3ddb4e7673d113fe5f55ff73ba88
e6e1567dba427fd20cec7ffd9a830a1f144db637856ae7567d257387b0218f63
fe3428c2f1613c72ef1612b6876239ec8cc058628e8240664315359802215af1
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/210920-lrmsgsgcan/
Behaviour
Adds Run key to start application
Unpacked files
SH256 hash:
b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e
MD5 hash:
94ba15fb6d8c8b5acf2a692bb5f75806
SHA1 hash:
79e14856bd99b6888d7eb6c490934e01f5b06e9a
Link:
https://www.unpac.me/results/33068c4e-9a4f-4a08-8328-ae24a7f7c776/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.76
Link:
https://yomi.yoroi.company/submissions/b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b4c50166f03dda4dc5191354926bc1e3114fbc7ddf7f39127f8a480bb432398e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1635157/
Cape
Cape
https://www.capesandbox.com/analysis/189371/

Comments


Avatar
zbet commented on 2021-09-20 09:45:36 UTC

url : hxxp://185.215.113.84/phorrem.exe